Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

burstnet.com and other adware problems


  • This topic is locked This topic is locked
18 replies to this topic

#1 drunkle

drunkle

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:the Big O!
  • Local time:12:57 AM

Posted 21 November 2009 - 06:49 PM

Lately I have been getting this error message from IE saying that it is having problems running scripts on the current page. What worries me is that I don't us IE, at all. I am a Firefox guy. I keep IE installed because it is the only browser capable of doing some the online things that my college requires of me. Plus, I don't knowingly have any programs running in the background that use IE. I set Firefox as my default for all programs. The error message then lists one of several websites, the most prominent being burstnet.com. The addresses are very long and filled with a random assortment of characters. Since this has started, my internet connection has been very unstable and will disconnect at random (regardless of where I am while using it -coffee shop, home, work, etc...). When I am able to connect the web browser is incredibly slow. It will take about 2 min to load the BC homepage.

I've run multiple scans with Avira, Ad-Aware and AVG. Sometimes Avira will find something that it says contains some lines of code similar to an html trojan. However, there isn't one in particular it lists. Also, a few days after it 'fixes' the trojan it said it found, it comes back while the slowness and sluggishness continue. I've included a HJT log below.

thanks in advance for your help.

drunkle

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:33 PM, on 11/21/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Drunkle\Desktop\RuneScape.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8980 bytes
"Finished products are for decadent minds." --Asimov
"Cogito ergo sum." --René Descartes

BC AdBot (Login to Remove)

 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 AM

Posted 28 November 2009 - 10:37 AM

Hello,
Do you still desire help? Please outline your current problems and inform me of what you have done since your last post.
Kind regards,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 drunkle

drunkle
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:the Big O!
  • Local time:12:57 AM

Posted 30 November 2009 - 10:35 AM

Thank you thcbytes, I would still like to have this resolved. I haven't done much but a few more virus scans with the software listed in my last post. Avira found that html bug again and i have it quarantined. That seems to have helped a little, but I Would like to get rid of it and it anything else its done. Let me know what you need from me. Thanks.

drunkle
"Finished products are for decadent minds." --Asimov
"Cogito ergo sum." --René Descartes

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 AM

Posted 30 November 2009 - 06:39 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am Posted Image and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste al logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.Posted Image
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* Gmer log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 drunkle

drunkle
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:the Big O!
  • Local time:12:57 AM

Posted 01 December 2009 - 11:49 PM

Thanks again thcbytes, here are those logs:

OTL logfile created on: 12/1/2009 10:10:10 PM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\Drunkle\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 60.71% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 359.52 Gb Total Space | 315.20 Gb Free Space | 87.67% Space Free | Partition Type: NTFS
Drive D: | 13.08 Gb Total Space | 2.03 Gb Free Space | 15.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRUNKLE-PC
Current User Name: Drunkle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/01 22:05:03 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Drunkle\Desktop\OTL.exe
PRC - [2009/11/21 16:32:45 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/07 13:44:07 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/08/05 23:16:45 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/09 17:14:02 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 17:14:02 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/12/08 17:34:24 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
PRC - [2008/12/02 20:28:22 | 00,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/19 11:14:06 | 00,222,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/10/23 14:46:02 | 00,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2008/10/22 12:32:20 | 00,628,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/10/10 14:24:44 | 00,206,128 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe


========== Modules (SafeList) ==========

MOD - [2009/12/01 22:05:03 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Drunkle\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 19:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/08/13 17:09:38 | 00,240,640 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/04/11 01:11:13 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2009/03/02 18:42:58 | 00,089,600 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/10 08:04:58 | 00,935,424 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/03/18 17:25:40 | 00,023,040 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 20:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 13:11:30 | 00,015,872 | ---- | M] (Agere Systems) -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2009/11/21 16:32:45 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/28 20:21:28 | 00,660,256 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/03 10:53:00 | 00,048,368 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/27 12:28:00 | 00,238,328 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/05 23:16:45 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/29 22:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/02/09 17:14:02 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/02/09 17:14:02 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/02 20:28:22 | 00,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/19 11:14:06 | 00,222,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/10/23 14:46:02 | 00,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/10/09 09:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/15 08:13:38 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/06/09 11:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/02 07:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 00:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 00:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/09/30 18:51:42 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/02 03:09:34 | 00,221,696 | ---- | M] (Realtek ) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/28 19:42:52 | 00,049,152 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/13 17:09:38 | 00,487,936 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/18 14:17:08 | 00,034,152 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/10 23:39:51 | 00,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/06 09:51:06 | 00,073,048 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/02/15 23:11:48 | 00,337,560 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/01/19 22:57:37 | 00,694,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2009/01/19 22:57:37 | 00,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/01/19 22:57:37 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2009/01/19 22:57:37 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2008/12/10 09:31:26 | 04,993,024 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/11/21 21:05:22 | 01,253,376 | ---- | M] (Agere Systems) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/10/27 18:40:02 | 01,164,288 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/07/21 04:53:04 | 00,145,496 | ---- | M] (JMicron Technology Corporation) -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/05/28 16:54:18 | 00,026,168 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/27 23:25:06 | 00,016,400 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/28 01:06:00 | 00,324,656 | ---- | M] (Synaptics, Inc.) -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/03/27 13:10:56 | 00,026,984 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 13:10:14 | 00,040,296 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/01/24 07:24:24 | 00,060,928 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 20:47:27 | 00,168,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 20:47:02 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2008/01/20 20:46:57 | 03,154,432 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 20:46:55 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 20:46:51 | 00,017,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/06/18 18:13:12 | 00,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 19:45:36 | 00,273,408 | ---- | M] (Marvell) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 19:04:24 | 00,146,928 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2006/09/18 15:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 15:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-356766342-900235328-711295000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKU\S-1-5-21-356766342-900235328-711295000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKU\S-1-5-21-356766342-900235328-711295000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-356766342-900235328-711295000-1000\S-1-5-21-356766342-900235328-711295000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.69

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/07 13:44:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/07 13:44:13 | 00,000,000 | ---D | M]

[2009/06/24 20:29:07 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\Mozilla\Extensions
[2009/12/01 12:46:15 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\Mozilla\Firefox\Profiles\uhk064xe.default\extensions
[2009/06/24 20:55:55 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\Mozilla\Firefox\Profiles\uhk064xe.default\extensions\{47d1d620-5e5b-11da-8cd6-0800200c9a66}
[2009/10/30 16:45:59 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\Mozilla\Firefox\Profiles\uhk064xe.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009/08/13 15:51:01 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\Mozilla\Firefox\Profiles\uhk064xe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/10 14:44:47 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\Mozilla\Firefox\Profiles\uhk064xe.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/21 06:04:00 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-356766342-900235328-711295000-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.59.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d9e7a50d-702f-11de-9d3a-00235a336f7e}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/01 22:05:02 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Drunkle\Desktop\OTL.exe
[2009/11/28 23:35:12 | 00,000,000 | ---D | C] -- C:\Windows\LastGood.Tmp
[2009/11/24 23:13:52 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2009/11/24 23:13:52 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2009/11/21 15:52:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/11/21 06:03:57 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/11/21 06:03:57 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/11/21 06:03:57 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/11/17 13:56:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2009/11/17 13:56:36 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2009/11/17 13:56:33 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/17 11:27:56 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2009/11/17 11:27:56 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2009/11/17 11:27:56 | 00,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2009/11/17 11:27:55 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2009/11/17 11:27:54 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2009/11/17 11:27:54 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2009/11/17 11:27:54 | 00,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2009/11/17 11:27:54 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll
[2009/11/17 11:27:54 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2009/11/17 11:27:54 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2009/11/17 11:27:54 | 00,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2009/11/17 11:27:54 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2009/11/17 11:27:54 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2009/11/17 11:27:54 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2009/11/17 11:27:54 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2009/11/17 11:27:54 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2009/11/17 11:27:54 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2009/11/17 11:27:53 | 03,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2009/11/17 11:27:53 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2009/11/17 11:27:53 | 01,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2009/11/17 11:27:53 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2009/11/17 11:27:53 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2009/11/17 11:27:53 | 00,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2009/11/17 11:27:53 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2009/11/17 11:27:53 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2009/11/17 11:27:53 | 00,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2009/11/17 11:27:53 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2009/11/17 11:27:53 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll
[2009/11/17 11:27:53 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2009/11/17 11:27:53 | 00,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2009/11/17 11:27:53 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2009/11/17 11:27:53 | 00,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2009/11/17 11:27:53 | 00,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2009/11/17 11:27:53 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2009/11/17 11:27:53 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2009/11/17 11:27:53 | 00,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2009/11/17 11:27:53 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2009/11/17 11:27:53 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2009/11/17 11:27:53 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2009/11/17 11:27:53 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll
[2009/11/17 11:27:52 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2009/11/17 11:27:52 | 01,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2009/11/17 11:27:52 | 01,142,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll
[2009/11/17 11:27:52 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2009/11/17 11:27:52 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll
[2009/11/17 11:27:52 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2009/11/17 11:27:52 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2009/11/17 11:27:20 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2009/11/17 11:27:20 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2009/11/17 11:27:20 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2009/11/17 11:27:14 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2009/11/17 11:27:14 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtpUS.dll
[2009/11/17 11:27:14 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys
[2009/11/17 11:27:14 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdConns.dll
[2009/11/17 11:27:13 | 02,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2009/11/17 11:27:13 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2009/11/17 11:27:13 | 00,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2009/11/17 11:27:13 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2009/11/17 11:27:13 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2009/11/17 11:27:13 | 00,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtp.dll
[2009/11/17 11:27:13 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2009/11/17 11:27:13 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll
[2009/11/17 11:27:13 | 00,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2009/11/17 11:27:13 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2009/11/17 11:27:13 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2009/11/17 11:27:13 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2009/11/17 11:27:12 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2009/11/17 11:27:12 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2009/11/17 11:27:12 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2009/11/17 11:27:12 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2009/11/17 11:25:56 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2009/11/17 11:25:56 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2009/11/17 11:25:55 | 00,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2009/11/17 11:25:55 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2009/11/17 11:25:55 | 00,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2009/11/15 16:08:10 | 00,000,000 | -HSD | C] -- C:\found.001
[2009/11/09 22:54:03 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2009/11/09 22:50:57 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/09 15:23:45 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/11/09 15:04:58 | 00,000,000 | ---D | C] -- C:\Users\Drunkle\Desktop\us
[2009/11/06 08:40:54 | 00,043,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2009/11/06 08:40:53 | 02,621,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2009/11/06 08:40:53 | 00,057,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2009/11/06 08:40:36 | 00,700,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2009/11/06 08:40:36 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2009/11/06 08:40:36 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2009/11/06 08:40:36 | 00,038,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2009/11/06 08:40:35 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2009/11/06 08:40:35 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2009/11/06 08:40:26 | 00,185,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2009/11/06 08:40:26 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2009/11/06 08:40:26 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2009/11/06 08:40:26 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/01 22:10:25 | 02,097,152 | -HS- | M] () -- C:\Users\Drunkle\NTUSER.DAT
[2009/12/01 22:08:44 | 00,000,038 | ---- | M] () -- C:\Users\Drunkle\jagex_runescape_preferences.dat
[2009/12/01 22:08:39 | 00,000,063 | ---- | M] () -- C:\Users\Drunkle\jagex_runescape_preferences2.dat
[2009/12/01 22:05:03 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Drunkle\Desktop\OTL.exe
[2009/12/01 21:56:54 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/01 21:56:54 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/01 17:56:55 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/29 03:22:57 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/29 03:22:57 | 00,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/29 03:22:57 | 00,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/29 03:16:53 | 00,350,192 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2009/11/29 03:16:53 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/29 03:16:15 | 40,242,62656 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/29 03:15:16 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/11/29 03:15:14 | 00,524,288 | -HS- | M] () -- C:\Users\Drunkle\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/11/29 03:15:14 | 00,065,536 | -HS- | M] () -- C:\Users\Drunkle\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/11/29 03:15:13 | 02,382,249 | -H-- | M] () -- C:\Users\Drunkle\AppData\Local\IconCache.db
[2009/11/25 01:50:31 | 00,003,584 | ---- | M] () -- C:\Users\Drunkle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/21 17:44:33 | 00,008,981 | ---- | M] () -- C:\Users\Drunkle\Documents\hijackthis21nov09
[2009/11/21 15:52:31 | 00,001,928 | ---- | M] () -- C:\Users\Drunkle\Desktop\HijackThis.lnk
[2009/11/17 13:51:07 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/17 13:50:58 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/12 22:42:10 | 00,001,724 | ---- | M] () -- C:\Users\Drunkle\Desktop\CCleaner.lnk
[2009/11/11 16:32:49 | 00,305,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/11/09 22:54:02 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2009/11/09 22:50:54 | 00,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/21 17:44:33 | 00,008,981 | ---- | C] () -- C:\Users\Drunkle\Documents\hijackthis21nov09
[2009/11/21 17:08:30 | 40,242,62656 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/21 15:52:31 | 00,001,928 | ---- | C] () -- C:\Users\Drunkle\Desktop\HijackThis.lnk
[2009/11/17 13:51:07 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/17 13:50:58 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/15 07:13:33 | 00,000,680 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\d3d9caps.dat
[2009/07/23 15:35:51 | 00,003,584 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/26 19:36:04 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/26 19:35:00 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/24 22:28:09 | 00,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/06/24 22:27:59 | 00,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/06/24 22:27:15 | 00,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/06/24 22:26:38 | 00,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/06/24 22:25:09 | 00,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/06/24 21:50:25 | 00,410,970 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\dd_vcredistMSI4631.txt
[2009/06/24 21:50:25 | 00,014,634 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\dd_vcredistUI4631.txt
[2009/06/24 19:50:26 | 00,479,386 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/06/24 19:50:22 | 00,000,000 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\QSwitch.txt
[2009/06/24 19:50:22 | 00,000,000 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\DSwitch.txt
[2009/06/24 19:50:22 | 00,000,000 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\AtStart.txt
[2009/01/19 23:45:49 | 00,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/19 23:36:56 | 00,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/01/19 23:34:18 | 00,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/01/19 23:32:19 | 00,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 20:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2009/07/17 01:01:50 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\PlayFirst
[2009/07/17 01:00:03 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\WildTangent
[2009/11/29 03:15:17 | 00,030,354 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 12/1/2009 10:10:10 PM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\Drunkle\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 60.71% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 359.52 Gb Total Space | 315.20 Gb Free Space | 87.67% Space Free | Partition Type: NTFS
Drive D: | 13.08 Gb Total Space | 2.03 Gb Free Space | 15.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRUNKLE-PC
Current User Name: Drunkle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-356766342-900235328-711295000-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 9E 9F 50 FF CD F6 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AF7488-6F69-4B6B-BAB3-9B837908E149}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{07E79573-2129-46B6-815F-7997F8858DF4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{252370CE-0473-48A6-8AF0-926C6A01A2B5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{32E9EDCC-FAFC-4043-A3EB-C3B31A9C21C3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{35CED988-5E71-4BE3-B9F5-923FD2C56AF0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{4B279F6E-B6D8-4357-AB71-D168DA65D967}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{5CA7E65C-6928-41B5-8E18-C1BF34746049}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{6002D135-25B2-47B6-847F-DC0A0FCE0156}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6473382D-761E-4671-9E74-A802738B06FE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{6867D958-C760-46C3-85CF-D97E8DE07BF5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{6BCE9767-1021-487C-AFCE-6D3E5CD9984F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{89FB87B1-36B7-4C96-AFB3-376660F3E4FA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{9B201F94-B199-4481-891F-6B547CBD8F7E}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C9AA9E61-35D6-4C83-B15D-55D04EC23227}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CBF19673-CFFF-4E31-9F8F-D42727B2A16C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{CC953F42-3359-4D58-8390-C173BD801189}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{D8409BDD-90FB-4318-92A0-5FEAB98A8EDB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{EEDF84E6-AC21-4C52-AEA2-B7C6C8CBD402}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{F08EF844-F4E5-4D3B-BD6A-78C9D42BB9B2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F238BED5-9BF7-4207-A108-238D41049BAC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{B87BB2A8-5921-9B18-BBB5-D9A42F9CD3E1}" = ccc-utility64
"{C6CFAF5A-12F9-485E-EAD7-7FA1D3E5B943}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002471C5-6F62-D6CD-D6E5-A0F20F079B8B}" = Catalyst Control Center Localization Polish
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03819281-0870-65EE-24B0-A7DEDE9F796A}" = Catalyst Control Center Localization Chinese Traditional
"{04F66470-CEA7-BF9A-1885-8E1A3474825A}" = CCC Help Danish
"{08062F2F-926A-D7EC-57E9-AB97AA0D7FDA}" = CCC Help Finnish
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0CAB8CDF-232E-F28F-A017-B388F41FACCB}" = CCC Help Portuguese
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{150FE68F-EE0C-4867-150A-D74FECBB8448}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2680244D-0FBA-4856-EBE3-9D67E61EB46F}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{2BDFE775-48C0-3E1C-895C-DACC33CC52F0}" = Catalyst Control Center Localization Greek
"{2DAD2930-DFC1-AD0F-E63D-B3E95451CD68}" = CCC Help Greek
"{2F59397E-50B1-3CA6-2F8C-03773D40BE3B}" = Catalyst Control Center Graphics Full New
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{35CC44E6-5916-89DC-16B6-7ADE609211CE}" = Catalyst Control Center Localization Finnish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A9C19FE-D61C-50DA-6FAF-7FB941B538A0}" = Catalyst Control Center Localization French
"{3BAB23A6-5272-F52D-1AF0-29419F1362B4}" = Catalyst Control Center Localization Italian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{445F6483-40DC-61B5-849D-35274D96DBA3}" = Catalyst Control Center Localization Czech
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A239818-F5F7-7AE8-9FD3-08F435ED88D0}" = Skins
"{4C17CE6E-4838-819F-01BE-7EEE6181914A}" = Catalyst Control Center Localization Norwegian
"{4C4EA31F-AE29-2517-5E92-3EFB1FD7B896}" = CCC Help Hungarian
"{527CF1CA-D98B-504D-833B-69DA9A8A5AD6}" = CCC Help Czech
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5B99A0A7-0B21-2CD6-474D-8D67177BD4D6}" = Catalyst Control Center Localization Dutch
"{5CFE0191-1ECE-7BD5-8AEF-069ED59A01BB}" = Catalyst Control Center Localization Korean
"{6244BAF3-F26D-A695-1EF6-D9A3C0A6DAA1}" = Catalyst Control Center Graphics Previews Common
"{6570A194-A52D-9F23-EA48-90D7C6F20BE9}" = Catalyst Control Center Localization Swedish
"{666F0B45-78DA-FAA3-AB14-43CAEEA3D475}" = Catalyst Control Center Localization Russian
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66B6555E-07BF-3FCB-191F-BCD75650F1F2}" = CCC Help Italian
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67F6A6BA-E225-4BF5-8E7C-BB4AE25EDCBC}" = Catalyst Control Center InstallProxy
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E1907C-E9EA-7A5A-79ED-47FF2B5BFDFB}" = Catalyst Control Center Localization Danish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{75D0438A-55FB-DD38-0745-5D370179CAC7}" = CCC Help French
"{793C0C7E-7977-C9B5-B427-FDF95F2D1636}" = Catalyst Control Center Localization Hungarian
"{7CA1269D-86E6-91A8-DD66-9CF6838821BF}" = Catalyst Control Center Localization Portuguese
"{812C53D9-39EC-0511-04E4-5430A4747FB5}" = CCC Help German
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1940302-F0F9-132F-C521-A5D0E24FAC1D}" = CCC Help Thai
"{A2315CF8-E14F-FA46-B1F1-20E0E5483ADB}" = Catalyst Control Center Localization Thai
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8411EDB-6A00-8D1A-584B-7A932F44A0C9}" = CCC Help Japanese
"{AC5CD4CF-3802-623E-AD97-D188785EF411}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B9275904-9237-94A3-2144-E3D6A62B57E9}" = CCC Help Turkish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C48EB957-0CCB-D590-AB3F-B3F8A14ECC2F}" = Catalyst Control Center Graphics Full Existing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBA7FD59-19A7-5724-5646-CF307326CC18}" = Catalyst Control Center Core Implementation
"{CC7A4274-E6F2-2351-DA6A-07AB73896609}" = CCC Help Norwegian
"{CD7D2C01-F3C8-4127-325D-49853FCCDB62}" = Catalyst Control Center Localization German
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D1E7EA15-5F96-728C-AF32-E1CFF8F9CE44}" = CCC Help Swedish
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D47419B2-62BD-6B53-A96F-7E2F6F3D50C0}" = Catalyst Control Center Localization Turkish
"{D62C79B5-44E0-DEC0-AF01-6A1404E093E9}" = CCC Help Spanish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E12F2B78-CF64-2438-391F-3D3411A6E193}" = CCC Help English
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5C3A144-0F9B-8F3E-F1A3-2BB7B26014A6}" = ccc-core-static
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E8B11A27-5CA6-748E-0F68-159CCF789DF3}" = CCC Help Dutch
"{ED65A382-3F80-D5A8-CCE0-DAB59D85CA91}" = CCC Help Russian
"{EDBB71B2-3C17-4EA5-ED91-E2EA5C2305CF}" = CCC Help Korean
"{F250EA7A-F117-2CCE-03E7-BB62C2BF476C}" = Catalyst Control Center Graphics Previews Vista
"{F38CC586-4703-CE3C-F466-D7821E87926A}" = Catalyst Control Center Localization Chinese Standard
"{F62F62BD-E5C5-56E3-6CF6-00407B743E32}" = CCC Help Chinese Traditional
"{FAF7448B-7AB8-8C58-745E-1551CB481C3D}" = CCC Help Chinese Standard
"{FDE3DBB7-AA79-AA91-ABE9-3696883FAB20}" = Catalyst Control Center Localization Japanese
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"WildTangent hp Master Uninstall" = My HP Games
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-356766342-900235328-711295000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/21/2009 7:13:56 PM | Computer Name = Drunkle-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/21/2009 7:13:56 PM | Computer Name = Drunkle-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/21/2009 7:13:56 PM | Computer Name = Drunkle-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/21/2009 7:13:56 PM | Computer Name = Drunkle-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/21/2009 7:13:56 PM | Computer Name = Drunkle-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/21/2009 7:13:56 PM | Computer Name = Drunkle-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/21/2009 7:13:56 PM | Computer Name = Drunkle-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/22/2009 12:39:02 PM | Computer Name = Drunkle-PC | Source = Perflib | ID = 1023
Description =

Error - 11/22/2009 12:39:03 PM | Computer Name = Drunkle-PC | Source = Perflib | ID = 1008
Description =

Error - 11/22/2009 12:39:03 PM | Computer Name = Drunkle-PC | Source = Perflib | ID = 1023
Description =

[ System Events ]
Error - 11/24/2009 3:26:42 PM | Computer Name = Drunkle-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:22:33 PM on 11/24/2009 was unexpected.

Error - 11/24/2009 3:27:21 PM | Computer Name = Drunkle-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/24/2009 3:27:21 PM | Computer Name = Drunkle-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/24/2009 3:31:25 PM | Computer Name = Drunkle-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028)
disappeared from the system without first being prepared for removal.

Error - 11/24/2009 3:31:25 PM | Computer Name = Drunkle-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228)
disappeared from the system without first being prepared for removal.

Error - 11/24/2009 3:31:25 PM | Computer Name = Drunkle-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328)
disappeared from the system without first being prepared for removal.

Error - 11/24/2009 3:31:25 PM | Computer Name = Drunkle-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428)
disappeared from the system without first being prepared for removal.

Error - 11/24/2009 4:45:54 PM | Computer Name = Drunkle-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/25/2009 2:33:04 AM | Computer Name = Drunkle-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/25/2009 2:33:04 AM | Computer Name = Drunkle-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.


< End of report >

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-01 22:44:00
Windows 6.0.6002 Service Pack 2
Running: senv2qfw.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186bff1e3
Reg HKLM\SYSTEM\ControlSet034\Services\BTHPORT\Parameters\Keys\002186bff1e3 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
"Finished products are for decadent minds." --Asimov
"Cogito ergo sum." --René Descartes

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 AM

Posted 02 December 2009 - 12:26 PM

Hello,

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O33 - MountPoints2\{d9e7a50d-702f-11de-9d3a-00235a336f7e}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride"=-
    
    :Commands
    [CREATERESTOREPOINT]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
==========

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
==========

With your next post please provide:

* OTL fix log
* ESET log
* Please tell me if Avira is detecting anything? Describe any other problems.

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 drunkle

drunkle
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:the Big O!
  • Local time:12:57 AM

Posted 03 December 2009 - 02:30 PM

Ok, so dowloaded OTL and ran it with no problems. However, when I went to run the ESET scan, there was a problem. I was about 28% through the scan when the burstnet thing popped up again. When this happened, my computer froze. I didn't even have access to my mouse pointer. It sat for almost 2 hours this way and eventually I had to turn it off by pressing and holding the power button.

I restarted my computer, and initiated the scan once more. This time it completed and said that there were no threats found. It didn't give me the option export a log file. I ran Avira and it came back clean as well. Weird. So included below is the OTL log.

Lastly, I am a member of U.S. National Guard and this weekend is my drill weekend. I wont have access to a computer until late Sunday night, so it may be a while before I respond. Please don't close the topic unless all is well.

thanks,
drunkle

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9e7a50d-702f-11de-9d3a-00235a336f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9e7a50d-702f-11de-9d3a-00235a336f7e}\ not found.
File F:\setupSNK.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiVirusOverride not found.
========== COMMANDS ==========
OTL cannot create restorepoints on Vista OSs!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Drunkle
->Temp folder emptied: 1445257 bytes
->Temporary Internet Files folder emptied: 7516750 bytes
->Java cache emptied: 48874107 bytes
->FireFox cache emptied: 52473294 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 7665313 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 112.57 mb


OTL by OldTimer - Version 3.1.11.4 log created on 12022009_125057

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Drunkle\AppData\Local\Temp\~DF980E.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT046ff.TMP not found!

Registry entries deleted on Reboot...
"Finished products are for decadent minds." --Asimov
"Cogito ergo sum." --René Descartes

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 AM

Posted 03 December 2009 - 06:53 PM

burstnet thing popped up again

This worries me!

We need to see some more information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

==========

Perform an online scan with Kaspersky WebScanner. This can take a long time so please be patient.

If you have troubles getting it to run.... - STOP - and tell me about it!

(Requires free Java Runtime Environment (JRE) be installed before scanning for malware as ActiveX is no longer being used.)
  • Click on the Posted Image ...button.
  • The program will launch and fill in the Information section ... on the left.
  • Read the "Requirements and Limitations" then press... the Posted Image ...button.
  • The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image ...button, if you made any changes.
  • Now under the Scan section on the left:Select My Computer
  • The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete, it will display if your system has been infected.
  • Save the scan results as a Text file ... save it to your desktop.
  • Copy and paste the saved scan results file in your next reply.
Posted Image

==========

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
==========

With your next post please provide:

* DDS log
* Kaspersky log
* DrWeb log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 drunkle

drunkle
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:the Big O!
  • Local time:12:57 AM

Posted 07 December 2009 - 11:41 AM

Well sir, I have good news and bad news. The good news is that kaspesky ran and found nothing! The bad news, when I clicked on your provided link for Dr. Web-Cureit I got a BSOD. I didn't have a pen with me to write down the exact error message but I remember it involved Kernel.....inpage... something. When computer restarted, I downloaded Dr. Web again. This time it worked and came out virtually clean during the initial scan. It did say that it noticed that have been recent changes to my HOSTS

Edited by drunkle, 07 December 2009 - 11:45 AM.

"Finished products are for decadent minds." --Asimov
"Cogito ergo sum." --René Descartes

#10 drunkle

drunkle
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:the Big O!
  • Local time:12:57 AM

Posted 07 December 2009 - 11:43 AM

Well sir, I have good news and bad news. The good news is that kaspesky ran and found nothing! The bad news, when I clicked on your provided link for Dr. Web-Cureit I got a BSOD. I didn't have a pen with me to write down the exact error message but I remember it involved Kernel.....inpage... something. I the computer restarted, I downloaded Dr. Web again. This time it worked and came out virtually clean during the initial scan. It did say that it noticed that have been recent changes to my HOSTS file. It then asked if I wanted to restore the default Hosts file. I chose no and came here immediately to get the next steps from you.

Isn't this fun? =D

drunkle
"Finished products are for decadent minds." --Asimov
"Cogito ergo sum." --René Descartes

#11 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 AM

Posted 07 December 2009 - 05:07 PM

The DrWeb BSOD is not uncommon. No worries.

Let's get a close look at some important System Files that might be infected. Do you have your Vista install disc?

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT
  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.
How is your computer running?

==========

With your next post please provide:

* Answer to all my questions <--- Important!!
* OTL.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 drunkle

drunkle
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:the Big O!
  • Local time:12:57 AM

Posted 08 December 2009 - 01:13 PM

My system didn't come with an install disc, instead it has a special partition on the HDD set aside for such a function. Does this change the needed code for the OTL scan or is it an entirely different item?

drunkle
"Finished products are for decadent minds." --Asimov
"Cogito ergo sum." --René Descartes

#13 drunkle

drunkle
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:the Big O!
  • Local time:12:57 AM

Posted 08 December 2009 - 01:47 PM

As far as all the questions, you may need to restate them as I am sure I've forgotten some. I'll list the last few logs you've requested except the Dr. Web log as it didn't produce one. Hopefully that'll help =] Also, did you want me to re-run the Dr. Web scan? If so, should I receive the prompt to restore the default Hosts file is ok to do so?

Latest OTL log:
OTL logfile created on: 12/8/2009 12:15:41 PM - Run 2
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\Drunkle\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 58.48% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 359.52 Gb Total Space | 312.63 Gb Free Space | 86.96% Space Free | Partition Type: NTFS
Drive D: | 13.08 Gb Total Space | 2.03 Gb Free Space | 15.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRUNKLE-PC
Current User Name: Drunkle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/01 22:05:03 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Drunkle\Desktop\OTL.exe
PRC - [2009/11/21 16:32:45 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/07 13:44:07 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:34 | 00,022,816 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
PRC - [2009/10/11 04:17:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2009/08/05 23:16:45 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/24 20:35:20 | 00,091,656 | ---- | M] (Jagex Ltd) -- C:\Users\Drunkle\Desktop\RuneScape.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/09 17:14:02 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 17:14:02 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/12/08 17:34:24 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
PRC - [2008/12/02 20:28:22 | 00,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/19 11:14:06 | 00,222,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/10/23 14:46:02 | 00,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2008/10/22 12:32:20 | 00,628,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/10/10 14:24:44 | 00,206,128 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe


========== Modules (SafeList) ==========

MOD - [2009/12/01 22:05:03 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Drunkle\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 19:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/08/13 17:09:38 | 00,240,640 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/04/11 01:11:13 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2009/03/02 18:42:58 | 00,089,600 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/10 08:04:58 | 00,935,424 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/03/18 17:25:40 | 00,023,040 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 20:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 13:11:30 | 00,015,872 | ---- | M] (Agere Systems) -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2009/11/21 16:32:45 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/28 20:21:28 | 00,660,256 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/03 10:53:00 | 00,048,368 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/27 12:28:00 | 00,238,328 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/05 23:16:45 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/29 22:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/02/09 17:14:02 | 00,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/02/09 17:14:02 | 00,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/02 20:28:22 | 00,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/19 11:14:06 | 00,222,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/10/23 14:46:02 | 00,223,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/10/09 09:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/15 08:13:38 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/06/09 11:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/02 07:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 00:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 00:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/12/08 12:10:48 | 00,074,880 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/09/30 18:51:42 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/02 03:09:34 | 00,221,696 | ---- | M] (Realtek ) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/28 19:42:52 | 00,049,152 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/13 17:09:38 | 00,487,936 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/18 14:17:08 | 00,034,152 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/10 23:39:51 | 00,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/02/15 23:11:48 | 00,337,560 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/01/19 22:57:37 | 00,694,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2009/01/19 22:57:37 | 00,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/01/19 22:57:37 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2009/01/19 22:57:37 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2008/12/10 09:31:26 | 04,993,024 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/11/21 21:05:22 | 01,253,376 | ---- | M] (Agere Systems) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/10/27 18:40:02 | 01,164,288 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/07/21 04:53:04 | 00,145,496 | ---- | M] (JMicron Technology Corporation) -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/05/28 16:54:18 | 00,026,168 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/27 23:25:06 | 00,016,400 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/28 01:06:00 | 00,324,656 | ---- | M] (Synaptics, Inc.) -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/03/27 13:10:56 | 00,026,984 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 13:10:14 | 00,040,296 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/01/24 07:24:24 | 00,060,928 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 20:47:27 | 00,168,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 20:47:02 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2008/01/20 20:46:57 | 03,154,432 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 20:46:55 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 20:46:51 | 00,017,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/06/18 18:13:12 | 00,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 19:45:36 | 00,273,408 | ---- | M] (Marvell) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 19:04:24 | 00,146,928 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2006/09/18 15:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 15:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.69

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/07 13:44:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/07 13:44:13 | 00,000,000 | ---D | M]

[2009/06/24 20:29:07 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\Mozilla\Extensions
[2009/12/08 08:09:28 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\Mozilla\Firefox\Profiles\uhk064xe.default\extensions
[2009/06/24 20:55:55 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\Mozilla\Firefox\Profiles\uhk064xe.default\extensions\{47d1d620-5e5b-11da-8cd6-0800200c9a66}
[2009/10/30 16:45:59 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\Mozilla\Firefox\Profiles\uhk064xe.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009/08/13 15:51:01 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\Mozilla\Firefox\Profiles\uhk064xe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/10 14:44:47 | 00,000,000 | ---D | M] -- C:\Users\Drunkle\AppData\Roaming\Mozilla\Firefox\Profiles\uhk064xe.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/21 06:04:00 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: (98 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2009/12/07 10:18:03 | 00,000,000 | ---D | C] -- C:\Users\Drunkle\DoctorWeb
[2009/12/07 09:55:51 | 24,531,704 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Drunkle\Desktop\drweb-cureit.exe
[2009/12/06 22:21:23 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/12/02 12:57:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2009/12/02 12:50:58 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/01 22:05:02 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Drunkle\Desktop\OTL.exe
[2009/11/24 23:13:52 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2009/11/24 23:13:52 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2009/11/21 15:52:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/11/21 06:03:57 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/11/21 06:03:57 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/11/21 06:03:57 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/11/17 13:56:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2009/11/17 13:56:36 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2009/11/17 13:56:33 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/17 11:27:56 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2009/11/17 11:27:56 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2009/11/17 11:27:56 | 00,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2009/11/17 11:27:55 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2009/11/17 11:27:54 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2009/11/17 11:27:54 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2009/11/17 11:27:54 | 00,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2009/11/17 11:27:54 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll
[2009/11/17 11:27:54 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2009/11/17 11:27:54 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2009/11/17 11:27:54 | 00,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2009/11/17 11:27:54 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2009/11/17 11:27:54 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2009/11/17 11:27:54 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2009/11/17 11:27:54 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2009/11/17 11:27:54 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2009/11/17 11:27:54 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2009/11/17 11:27:53 | 03,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2009/11/17 11:27:53 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2009/11/17 11:27:53 | 01,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2009/11/17 11:27:53 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2009/11/17 11:27:53 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2009/11/17 11:27:53 | 00,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2009/11/17 11:27:53 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2009/11/17 11:27:53 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2009/11/17 11:27:53 | 00,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2009/11/17 11:27:53 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2009/11/17 11:27:53 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll
[2009/11/17 11:27:53 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2009/11/17 11:27:53 | 00,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2009/11/17 11:27:53 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2009/11/17 11:27:53 | 00,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2009/11/17 11:27:53 | 00,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2009/11/17 11:27:53 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2009/11/17 11:27:53 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2009/11/17 11:27:53 | 00,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2009/11/17 11:27:53 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2009/11/17 11:27:53 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2009/11/17 11:27:53 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2009/11/17 11:27:53 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll
[2009/11/17 11:27:52 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2009/11/17 11:27:52 | 01,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2009/11/17 11:27:52 | 01,142,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll
[2009/11/17 11:27:52 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2009/11/17 11:27:52 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll
[2009/11/17 11:27:52 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2009/11/17 11:27:52 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2009/11/17 11:27:20 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2009/11/17 11:27:20 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2009/11/17 11:27:20 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2009/11/17 11:27:14 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2009/11/17 11:27:14 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtpUS.dll
[2009/11/17 11:27:14 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys
[2009/11/17 11:27:14 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdConns.dll
[2009/11/17 11:27:13 | 02,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2009/11/17 11:27:13 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2009/11/17 11:27:13 | 00,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2009/11/17 11:27:13 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2009/11/17 11:27:13 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2009/11/17 11:27:13 | 00,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtp.dll
[2009/11/17 11:27:13 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2009/11/17 11:27:13 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll
[2009/11/17 11:27:13 | 00,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2009/11/17 11:27:13 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2009/11/17 11:27:13 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2009/11/17 11:27:13 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2009/11/17 11:27:12 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2009/11/17 11:27:12 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2009/11/17 11:27:12 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2009/11/17 11:27:12 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2009/11/17 11:25:56 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2009/11/17 11:25:56 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2009/11/17 11:25:55 | 00,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2009/11/17 11:25:55 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2009/11/17 11:25:55 | 00,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2009/11/15 16:08:10 | 00,000,000 | -HSD | C] -- C:\found.001
[2009/11/09 22:54:03 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2009/11/09 22:50:57 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/09 15:23:45 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/11/09 15:04:58 | 00,000,000 | ---D | C] -- C:\Users\Drunkle\Desktop\us
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/08 12:15:51 | 02,097,152 | -HS- | M] () -- C:\Users\Drunkle\NTUSER.DAT
[2009/12/08 12:11:32 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/12/08 12:11:32 | 00,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/12/08 12:11:32 | 00,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/12/08 12:10:48 | 00,074,880 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2009/12/08 12:09:55 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/07 14:02:57 | 00,000,039 | ---- | M] () -- C:\Users\Drunkle\jagex_runescape_preferences.dat
[2009/12/07 12:42:55 | 00,000,069 | ---- | M] () -- C:\Users\Drunkle\jagex_runescape_preferences2.dat
[2009/12/07 10:30:35 | 00,350,192 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2009/12/07 10:30:35 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/07 10:30:33 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/07 10:30:33 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/07 10:30:22 | 40,242,62656 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/07 10:29:39 | 00,524,288 | -HS- | M] () -- C:\Users\Drunkle\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/12/07 10:29:39 | 00,065,536 | -HS- | M] () -- C:\Users\Drunkle\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/12/07 10:12:46 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/12/07 10:00:25 | 24,531,704 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Drunkle\Desktop\drweb-cureit.exe
[2009/12/07 09:47:48 | 62,946,7843 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/07 09:29:32 | 00,002,658 | ---- | M] () -- C:\Users\Drunkle\Desktop\KAS.html
[2009/12/06 18:39:33 | 00,524,288 | ---- | M] () -- C:\Users\Drunkle\Desktop\dds.scr
[2009/12/02 12:56:27 | 02,672,312 | ---- | M] () -- C:\Users\Drunkle\Desktop\esetsmartinstaller_enu.exe
[2009/12/01 22:18:51 | 00,292,352 | ---- | M] () -- C:\Users\Drunkle\Desktop\senv2qfw.exe
[2009/12/01 22:05:03 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Drunkle\Desktop\OTL.exe
[2009/11/25 01:50:31 | 00,003,584 | ---- | M] () -- C:\Users\Drunkle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/21 17:44:33 | 00,008,981 | ---- | M] () -- C:\Users\Drunkle\Documents\hijackthis21nov09
[2009/11/21 15:52:31 | 00,001,928 | ---- | M] () -- C:\Users\Drunkle\Desktop\HijackThis.lnk
[2009/11/17 13:51:07 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/17 13:50:58 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/12 22:42:10 | 00,001,724 | ---- | M] () -- C:\Users\Drunkle\Desktop\CCleaner.lnk
[2009/11/11 16:32:49 | 00,305,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/11/09 22:54:02 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2009/11/09 22:50:54 | 00,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/07 10:30:22 | 40,242,62656 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/07 09:47:48 | 62,946,7843 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/12/07 09:29:32 | 00,002,658 | ---- | C] () -- C:\Users\Drunkle\Desktop\KAS.html
[2009/12/06 18:39:32 | 00,524,288 | ---- | C] () -- C:\Users\Drunkle\Desktop\dds.scr
[2009/12/02 12:56:01 | 02,672,312 | ---- | C] () -- C:\Users\Drunkle\Desktop\esetsmartinstaller_enu.exe
[2009/12/01 22:18:51 | 00,292,352 | ---- | C] () -- C:\Users\Drunkle\Desktop\senv2qfw.exe
[2009/11/21 17:44:33 | 00,008,981 | ---- | C] () -- C:\Users\Drunkle\Documents\hijackthis21nov09
[2009/11/21 15:52:31 | 00,001,928 | ---- | C] () -- C:\Users\Drunkle\Desktop\HijackThis.lnk
[2009/11/17 13:51:07 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/17 13:50:58 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/15 07:13:33 | 00,000,680 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\d3d9caps.dat
[2009/07/23 15:35:51 | 00,003,584 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/26 19:36:04 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/26 19:35:00 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/24 22:28:09 | 00,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/06/24 22:27:59 | 00,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/06/24 22:27:15 | 00,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/06/24 22:26:38 | 00,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/06/24 22:25:09 | 00,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/06/24 21:50:25 | 00,410,970 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\dd_vcredistMSI4631.txt
[2009/06/24 21:50:25 | 00,014,634 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\dd_vcredistUI4631.txt
[2009/06/24 19:50:26 | 00,060,158 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/06/24 19:50:22 | 00,000,000 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\QSwitch.txt
[2009/06/24 19:50:22 | 00,000,000 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\DSwitch.txt
[2009/06/24 19:50:22 | 00,000,000 | ---- | C] () -- C:\Users\Drunkle\AppData\Local\AtStart.txt
[2009/01/19 23:45:49 | 00,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/19 23:36:56 | 00,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/01/19 23:34:18 | 00,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/01/19 23:32:19 | 00,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 20:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 20:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 20:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 20:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/01/19 23:18:21 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=35137384FFB6FB4B4C3063CEB5DB34BE -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_37d5e5fef5f86cf7\atapi.sys
[2008/08/15 22:49:42 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=ACA311FAC841A06E4A7EF9A0F1C195F8 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22245_none_39ba2410f320cb3a\atapi.sys
[2009/01/19 23:18:21 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=B388797CAAB36D523840347CC6A39B96 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_398211faf34b271a\atapi.sys
[2009/04/11 01:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/17 23:34:04 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 20:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 20:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 01:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 20:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 20:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 20:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 01:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
< End of report >



KAS Scan results:

Monday, December 7, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)

DDS


DDS (Ver_09-12-01.01) - NTFSX64
Run by Drunkle at 18:40:15.04 on Sun 12/06/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2170 [GMT -6:00]

SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Drunkle\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] "c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ZoneAlarm Client] "c:\program files (x86)\zone labs\zonealarm\zlclient.exe"
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\drunkle\appdata\roaming\mozilla\firefox\profiles\uhk064xe.default\
FF - plugin: c:\users\drunkle\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\drunkle\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\drunkle\appdata\roaming\mozilla\firefox\profiles\uhk064xe.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/24 21:15:28];c:\program files (x86)\hewlett-packard\media\dvd\000.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_1b06afce\AESTSr64.exe [2009-3-2 89600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-6-24 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2009-6-24 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-24 73048]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 23040]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\sminst\BLService.exe [2009-1-19 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2009-2-9 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2009-2-9 116096]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-1-19 222512]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 60928]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-6-24 26168]
S2 Norton Internet Security;Norton Internet Security;"c:\program files (x86)\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files (x86)\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files (x86)\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-6-26 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 145496]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-12-02 18:57:37 0 d-----w- c:\program files (x86)\ESET
2009-12-02 18:50:58 0 d-----w- C:\_OTL
2009-11-25 08:04:03 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-11-25 08:04:03 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 05:14:15 1869824 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 05:14:14 1797120 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 05:14:13 1401856 ----a-w- c:\windows\syswow64\msxml6.dll
2009-11-25 05:14:12 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2009-11-25 05:13:52 880640 ----a-w- c:\windows\system32\timedate.cpl
2009-11-25 05:13:52 714240 ----a-w- c:\windows\syswow64\timedate.cpl
2009-11-21 21:52:31 0 d-----w- c:\program files (x86)\Trend Micro
2009-11-21 12:03:57 149280 ----a-w- c:\windows\syswow64\javaws.exe
2009-11-21 12:03:57 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-11-21 12:03:57 145184 ----a-w- c:\windows\syswow64\java.exe
2009-11-17 19:56:36 0 d-----w- c:\windows\syswow64\spool
2009-11-17 19:56:36 0 d-----w- c:\program files (x86)\Windows Portable Devices
2009-11-17 19:56:33 0 d-----w- c:\program files\Windows Portable Devices
2009-11-17 19:51:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 19:50:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-17 17:25:56 4096 ----a-w- c:\windows\syswow64\oleaccrc.dll
2009-11-17 17:25:56 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 17:25:55 736256 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 17:25:55 555520 ----a-w- c:\windows\syswow64\UIAutomationCore.dll
2009-11-17 17:25:55 315904 ----a-w- c:\windows\system32\oleacc.dll
2009-11-17 17:25:55 234496 ----a-w- c:\windows\syswow64\oleacc.dll
2009-11-15 22:08:10 0 d-sh--w- C:\found.001
2009-11-11 19:18:49 355328 ----a-w- c:\windows\syswow64\WSDApi.dll
2009-11-11 19:18:48 441856 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 19:18:45 2751488 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 04:54:03 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-10 04:50:57 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

==================== Find3M ====================

2009-12-04 04:45:52 39 ----a-w- c:\users\drunkle\jagex_runescape_preferences.dat
2009-12-04 04:27:00 69 ----a-w- c:\users\drunkle\jagex_runescape_preferences2.dat
2009-12-02 19:14:06 350192 ----a-w- c:\windows\system32\drivers\vsconfig.xml
2009-11-29 05:35:50 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-29 05:35:50 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-29 05:35:49 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 19:56:23 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-21 10:40:08 5939712 ----a-w- c:\windows\syswow64\mshtml.dll
2009-10-11 10:17:27 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\syswow64\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\syswow64\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\syswow64\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\syswow64\WPDShServiceObj.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\syswow64\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\syswow64\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\syswow64\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\syswow64\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\syswow64\PortableDeviceClassExtension.dll
2009-10-01 00:52:29 2727936 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 00:52:10 453120 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 00:52:02 34816 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 00:51:59 110080 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 00:51:56 37888 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 00:51:54 573440 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 00:51:50 433152 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 00:51:46 218624 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 00:51:45 77824 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 00:51:45 113152 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 00:51:40 295936 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 00:51:40 107008 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 00:51:34 214528 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 00:51:33 75264 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 00:51:32 37376 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:27:43 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\syswow64\WindowsCodecs.dll
2009-09-25 02:10:01 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:09:10 411648 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\syswow64\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\syswow64\PhotoMetadataHandler.dll
2009-09-25 02:00:39 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:56:42 643072 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\syswow64\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\syswow64\XpsPrint.dll
2009-09-25 01:40:43 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:40:07 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:39:09 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\syswow64\OpcServices.dll
2009-09-25 01:36:16 262656 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\syswow64\XpsGdiConverter.dll
2009-09-25 01:36:08 1548800 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:35:49 328192 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:35:48 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\syswow64\XpsRasterService.dll
2009-09-25 01:34:58 1269248 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:33:48 792576 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\syswow64\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\syswow64\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\syswow64\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\syswow64\dxdiag.exe
2009-09-25 01:32:22 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:53 519680 ----a-w- c:\windows\syswow64\d3d11.dll
2009-09-25 01:31:53 196608 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:51 326656 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:47 625664 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:31:41 287744 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:31:36 981504 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\syswow64\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\syswow64\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\syswow64\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\syswow64\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\syswow64\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\syswow64\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\syswow64\d3d10core.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\syswow64\DWrite.dll
2009-09-25 01:26:38 47616 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:26:26 1548800 ----a-w- c:\windows\system32\DWrite.dll
2009-09-25 01:26:26 1142272 ----a-w- c:\windows\system32\FntCache.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\syswow64\winspool.drv
2009-09-16 23:49:02 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-16 23:49:02 342016 ----a-w- c:\windows\system32\winspool.drv
2009-09-16 23:49:02 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-10 17:09:22 269312 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 16:49:49 10626560 ----a-w- c:\windows\syswow64\wmp.dll
2009-09-10 16:48:01 218624 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-09-10 15:27:55 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 15:27:25 372736 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-10 14:59:26 8147456 ----a-w- c:\windows\syswow64\wmploc.DLL
2009-09-10 14:58:28 310784 ----a-w- c:\windows\syswow64\unregmp2.exe
2009-09-10 02:07:01 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:06:32 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:05:45 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-10 02:01:02 3023360 ----a-w- c:\windows\syswow64\UIRibbon.dll
2009-09-10 02:00:54 1164800 ----a-w- c:\windows\syswow64\UIRibbonRes.dll
2009-09-10 02:00:36 92672 ----a-w- c:\windows\syswow64\UIAnimation.dll
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-06-29 05:11:07 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-06-25 04:29:08 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-01-20 05:18:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:41:34.12 ===============

Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, December 07, 2009 04:16:56
Records in database: 3338473
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Objects scanned 173619
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 03:53:04

No threats found. Scanned area is clean.
Selected area has been scanned.
"Finished products are for decadent minds." --Asimov
"Cogito ergo sum." --René Descartes

#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 AM

Posted 08 December 2009 - 11:53 PM

Will you please update your Avira. Run it and post a log. And yes..go ahead and re-run DrWeb and allow it to reset the HOSTS file. Any redirects?

Thanks,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#15 drunkle

drunkle
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:the Big O!
  • Local time:12:57 AM

Posted 09 December 2009 - 03:28 PM

Ok, I updated Avira and scanned (log below) and I ran Dr. Web and had it restore the Hosts file. How's it looking now?

drunkle



Avira AntiVir Personal
Report file date: Wednesday, December 09, 2009 12:21

Scanning for 1426081 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista 64 Bit
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DRUNKLE-PC

Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 12/2/2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 11/20/2009 17:01:38
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:01:38
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 17:01:38
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 17:01:38
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 17:01:38
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 17:01:38
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 17:01:38
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 17:01:38
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 17:01:38
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 17:01:38
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 17:01:38
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 17:01:38
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 17:01:38
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 17:01:38
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 20:54:08
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 17:22:08
VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 18:10:12
VBASE016.VDF : 7.10.1.179 2048 Bytes 12/7/2009 18:10:12
VBASE017.VDF : 7.10.1.180 2048 Bytes 12/7/2009 18:10:12
VBASE018.VDF : 7.10.1.181 2048 Bytes 12/7/2009 18:10:12
VBASE019.VDF : 7.10.1.182 2048 Bytes 12/7/2009 18:10:12
VBASE020.VDF : 7.10.1.183 2048 Bytes 12/7/2009 18:10:12
VBASE021.VDF : 7.10.1.184 2048 Bytes 12/7/2009 18:10:12
VBASE022.VDF : 7.10.1.185 2048 Bytes 12/7/2009 18:10:12
VBASE023.VDF : 7.10.1.186 2048 Bytes 12/7/2009 18:10:12
VBASE024.VDF : 7.10.1.187 2048 Bytes 12/7/2009 18:10:13
VBASE025.VDF : 7.10.1.188 2048 Bytes 12/7/2009 18:10:13
VBASE026.VDF : 7.10.1.189 2048 Bytes 12/7/2009 18:10:13
VBASE027.VDF : 7.10.1.190 2048 Bytes 12/7/2009 18:10:13
VBASE028.VDF : 7.10.1.191 2048 Bytes 12/7/2009 18:10:13
VBASE029.VDF : 7.10.1.192 2048 Bytes 12/7/2009 18:10:13
VBASE030.VDF : 7.10.1.193 2048 Bytes 12/7/2009 18:10:13
VBASE031.VDF : 7.10.1.206 77312 Bytes 12/9/2009 18:10:06
Engineversion : 8.2.1.102
AEVDF.DLL : 8.1.1.2 106867 Bytes 9/16/2009 15:14:48
AESCRIPT.DLL : 8.1.2.45 586108 Bytes 11/18/2009 04:35:08
AESCN.DLL : 8.1.2.5 127346 Bytes 9/3/2009 23:42:13
AESBX.DLL : 8.1.1.1 246132 Bytes 11/20/2009 17:01:38
AERDL.DLL : 8.1.3.4 479605 Bytes 12/1/2009 17:22:22
AEPACK.DLL : 8.2.0.3 422261 Bytes 11/6/2009 04:28:26
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/25/2009 03:54:30
AEHEUR.DLL : 8.1.0.186 2183544 Bytes 12/8/2009 18:10:35
AEHELP.DLL : 8.1.8.0 237942 Bytes 12/8/2009 18:10:16
AEGEN.DLL : 8.1.1.80 364917 Bytes 12/8/2009 18:10:15
AEEMU.DLL : 8.1.1.0 393587 Bytes 10/3/2009 03:19:14
AECORE.DLL : 8.1.8.5 180598 Bytes 12/2/2009 18:45:41
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 20:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 9/10/2009 01:05:39
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 11/20/2009 17:01:38

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, December 09, 2009 12:21

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '0' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '0' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '0' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '0' Module(s) have been scanned
Scan process 'Com4QLBEx.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '0' Module(s) have been scanned
Scan process 'CCC.exe' - '0' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '0' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'sttray64.exe' - '0' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '0' Module(s) have been scanned
Scan process 'dwm.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'unsecapp.exe' - '0' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'TVSched.exe' - '1' Module(s) have been scanned
Scan process 'TVCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'BLService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'agr64svc.exe' - '0' Module(s) have been scanned
Scan process 'AESTSr64.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '0' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'wlanext.exe' - '0' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'hpservice.exe' - '0' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'SLsvc.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'stacsv64.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
19 processes with 19 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '35' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
Begin scan in 'D:\' <RECOVERY>


End of the scan: Wednesday, December 09, 2009 13:27
Used time: 1:06:08 Hour(s)

The scan has been done completely.

33873 Scanned directories
425189 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
425187 Files not concerned
1983 Archives were scanned
2 Warnings
2 Notes
"Finished products are for decadent minds." --Asimov
"Cogito ergo sum." --René Descartes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users